Reviews for PwdHash

Okay, first open up the .xpi file with WinRAR. Yo can probably use Win Zip, but I use WinRAR and make SURE to leave it open, so just minimize the opened WinRar with the files in it just chillin'... Now, open the install.rdf file, look towards the bottom for the line of code that usually reads 1.0-2.0.8 or something like that (those are the versions of Firefox). Just make sure to change the last number to 4.01 (or whatever the current version is, ie: 3.0-4.01) and put an asterisk at the end of it, but ONLY if there was one there before... like this: 1.0-2.0.8*) - LOL... I've done it with SOOO many apps and most of them simple apps, so they work fine, even with Firefox's Compatibility Add-on, they think it is genuine because I'm sure those #'s are what that app and most similar apps check for: the version # in the install.rdf file. Once you "hack" the .rdf file, then place it back into the WinRar that's been open all the time from the original .xpi, and then you just overwrite it (the .rdf file). Finally, close WinRAR and open the file with Firefox this time, into WinRAR. Then, it'll act as if you wanted to add and app and you go ahead and add the app, restart Firefox and voila! It works!!! :D

Update to my 5 star review 6 years ago: unfortunately this add-on seems to have been abandoned by its original maintainers, therefore a bug showing up in Firefox 66.0.2 and onwards renders it unusable.

I have created an alternative version: https://addons.mozilla.org/en-US/firefox/addon/pwdhash2/

(on a sidenote: I'm also the author of the pull request for migrating this extension to WebExtension two years ago)

----original review:----I've been using it for years now and it still serves me well! Unobtrusive and simple: just prefix with @@ or F2 and your password will be a hashed one specific for this site.No more worries when a site leaks all of the unsalted passwords.

Thanks to this addon I've stopped using the same password for every site. It works very well on most sites.

I have only two problems with it:

- There's no visual indication that the hashed password is being sent.

- Subdomains like a.com.es and b.com.es generate the same password. These domains are equivalent to .co.uk domains but for Spain. There're more of these kind of subdomains that should be treated like different sites.

in iceweasel 45.0a2 on debian 8 writing even one @ or pressing F2 immediately results in a segmentation fault. I really like this extension, and would like to use it on many platforms, I help to debug if I can...

Hi, I just updated to FF 42 and can't get this addon working anymore... it's really essential for me, so please update this addon as soon as you can. I really wonder why Mozilla specifically disabled it...

I can't recommend this, and I know the Stanford PwdHash library pretty well. This is a poor implementation. One major drawback is that there's no indication of whether or not the @@/F2 key sequence worked or not (it doesn't work on every site). So you're not sure if you're sending a hashed password or not.